Public servants barred from using unauthorised USB drives
Read more at http://www.channelnewsasia.com/news/singapore/public-servants-barred-from-using-unauthorised-usb-drives-9031718
Read more at http://www.channelnewsasia.com/news/singapore/public-servants-barred-from-using-unauthorised-usb-drives-9031718
(Updated: )
Choy Chee Wei ·
Works at Singapore, Singapore
Hard to enforce. Probably only use when someone is being suspected and/or targeted.
Ricky Lim ·
The only inconvenience is cannot backup individual harddisk.
I believe all files must be uploaded into the shared portal.
Personal files cannot backup unless people who are technical savy use peer to peer network file share to home notebook and use its usb ports to backup to portable hard disk.
I believe all files must be uploaded into the shared portal.
Personal files cannot backup unless people who are technical savy use peer to peer network file share to home notebook and use its usb ports to backup to portable hard disk.
Ricky Lim ·
But if admin disable file sharing, then cannot do peer to peer file share, and cannot backup private harddisk.
Thus the best solution is to use byod with virtual client where office work is enforced to save and upload into the shared portal via private cloud.
Whereas private files in harddisk are separated from office work and enable with peer to peer file sharing.
Thus the best solution is to use byod with virtual client where office work is enforced to save and upload into the shared portal via private cloud.
Whereas private files in harddisk are separated from office work and enable with peer to peer file sharing.
LikeReply18 mins
Ricky Lim ·
Using this technique - can segregate files in private harddisk from office work that are virtual clients and can only be stored in shared portal within the private cloud.
Thus any malware infected from private harddisk cannot infect the shared portal in the private cloud.
Moreover, individual notebooks need to undergo security assessment process before the virtual clients can be downloaded into the individual notebook - such as :-
(1) security authentication
(2) posture assessment of notebook or other devices that need to attached to the network by virus scanning, check personal firewall, os verification etc
(3) notebook that fail the test (assuming the assessment is robust that can detect zero day attack - those with virtual patching capaiblity that can detect zero day attack) - will be quarantine and will not be able to associate and attach to internal network to download the virtual client.
So with this technique, locking up usb ports will be ok while allowing peer-to-peer file sharing to enable users to backup their individual harddisk for those tech-savvy staff.
Virtually, there is no way an infected private harddisk or notebook can infect the office shared portal - as the virtual clients are segregated from the private harddisk.
Thus any malware infected from private harddisk cannot infect the shared portal in the private cloud.
Moreover, individual notebooks need to undergo security assessment process before the virtual clients can be downloaded into the individual notebook - such as :-
(1) security authentication
(2) posture assessment of notebook or other devices that need to attached to the network by virus scanning, check personal firewall, os verification etc
(3) notebook that fail the test (assuming the assessment is robust that can detect zero day attack - those with virtual patching capaiblity that can detect zero day attack) - will be quarantine and will not be able to associate and attach to internal network to download the virtual client.
So with this technique, locking up usb ports will be ok while allowing peer-to-peer file sharing to enable users to backup their individual harddisk for those tech-savvy staff.
Virtually, there is no way an infected private harddisk or notebook can infect the office shared portal - as the virtual clients are segregated from the private harddisk.
LikeReplyJust now
Ricky Lim ·
Let's analyze why is it technically possible to disable usb ports.
Usb must be using usb drivers, a software api to interface usb hardware ports.
Such drivers must be to recognize usb speed like 3.0, 2.0, 1.0.
Such drivers must have come with Os.
If use Microsoft, then it must have come with Microsoft Os.
Creating user accounts are the administrator function and I believe can create user profile with usb disabled.
So is this analysis correct - using sherlock holmes techniques of analysis?
Usb must be using usb drivers, a software api to interface usb hardware ports.
Such drivers must be to recognize usb speed like 3.0, 2.0, 1.0.
Such drivers must have come with Os.
If use Microsoft, then it must have come with Microsoft Os.
Creating user accounts are the administrator function and I believe can create user profile with usb disabled.
So is this analysis correct - using sherlock holmes techniques of analysis?
Like · Reply · 1 hr
Ricky Lim ·
peer to peer file sharing have the advantage of turning "read access" on and turn "write access" plus other option off.
By doing so, office notebook private files can be copy and tranfer to private notebook at home and save in portable harddisk and backup to portable harddisk.
Private files at home (if infected with malware) cannot write into office notebook.
If used encrypted thumbdrive issued, it can be used in promiscuous mode - by poking into private notebook at home or elsewhere and then infect office notebook.
Unless this magic thumbdrive won't work in private notebooks but work in office notebook.
Also even encrypted, if lost or stolen - it can still be hack by brute force hacking tool assume take 1 year to do so.
If this happen, need to chant 阿弥陀佛 咯。我佛慈悲。
如来佛祖 打救你
神仙 打救你
天主 打救你
耶稣 打救你
阿拉 打救你
满天神佛 打救你
What if not tech-savvy staff leh?
Then, chant 阿弥陀佛 咯。我佛慈悲。
如来佛祖 打救我
神仙 打救我
天主 打救我
耶稣 打救我
阿拉 打救我
满天神佛 打救我
By doing so, office notebook private files can be copy and tranfer to private notebook at home and save in portable harddisk and backup to portable harddisk.
Private files at home (if infected with malware) cannot write into office notebook.
If used encrypted thumbdrive issued, it can be used in promiscuous mode - by poking into private notebook at home or elsewhere and then infect office notebook.
Unless this magic thumbdrive won't work in private notebooks but work in office notebook.
Also even encrypted, if lost or stolen - it can still be hack by brute force hacking tool assume take 1 year to do so.
If this happen, need to chant 阿弥陀佛 咯。我佛慈悲。
如来佛祖 打救你
神仙 打救你
天主 打救你
耶稣 打救你
阿拉 打救你
满天神佛 打救你
What if not tech-savvy staff leh?
Then, chant 阿弥陀佛 咯。我佛慈悲。
如来佛祖 打救我
神仙 打救我
天主 打救我
耶稣 打救我
阿拉 打救我
满天神佛 打救我
Winston Ling ·
There are websites selling things like "USB Killer" that are essentially fake USB drives that hold an huge electrical charge which is intended to short the PC/laptop which they are plugged into, i think they want to prevent such things from happen where USB devices from unknown or unsafe sources is plugged into the system. already many finanical insituations block USB storage devices (other then the USB Mouse/Keyboard) from being used on their IT equipments.
No comments:
Post a Comment